Digital Health Transformation Strategy

Tag Archives: portability

Post navigation

The Emerging Market in Health Care Innovation
Tilman Ehrbeck, Nicolaus Henke, and Thomas Kibasi
McKinsey Quarterly May 2010
McKinsey conducted research in partnership with the World Economic Forum to study the most promising novel forms of health care delivery and, in particular, to understand how these innovations changed its economics.

#2 in a series — Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs.

by Deven McGraw JD, MPH, Center for Democracy & Technology

Introduction

There has been considerable discussion lately about whether or not the stimulus legislation (ARRA) extends HIPAA coverage to commercial vendors of personal health records (PHRs) any time they contract with entities already covered by HIPAA like hospitals, health plans or physicians groups. (For those of you who don’t know, HIPAA is the Health Insurance Portability and Accountability Act of 1996. The HIPAA privacy and security regulations form our national health privacy and security rules.)

The provision in question (Section 13408) states that “each vendor that contracts with a covered entity to allow that covered entity to offer a personal health record to patients as part of its electronic health record” is required to enter into a business associate agreement with the covered entity. Under ARRA, business associates must comply with key provisions of the HIPAA privacy and security regulations.

In this post, I argue that PHR vendors should be covered under HIPAA only under certain circumstances. PHRs should be governed by a comprehensive framework of privacy and security protections, but HIPAA would provide inadequate privacy protection for people using these tools (at least as the HIPAA rules are currently structured). As a result, I argue that this provision in ARRA should not be read to require the automatic application of HIPAA to PHR vendors any time they contract with covered entities to offer a PHR. Instead, I suggest that HIPAA should cover a PHR vendor’s activities when the nature of the relationship between the vendor and the covered entity (hospital, health plan, physician office) primarily concerns the vendor performing a service for the covered entity.

However, where the contractual relationship is primarily about improving the value of the PHR to the consumer, HIPAA should not apply. (I know, not an easy line to draw – but I do suggest some factors that should influence the decision.)

Finally, I urge the prompt adoption of separate, targeted privacy provisions to protect consumers using PHRs so that the choice is not HIPAA or limited protections under other federal laws.

Why Not HIPAA – Isn’t it Better Than Nothing?

Table of contents for the series--Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs

Yabut is a term coined by my esteemed colleague, the late Paul Fetrow. It stands for “Yeah….but….”

Yabuts are the gotchas, the fine print, the details that affect the terms of any agreement. For example, the telecom companies will tell you its easy to switch carriers now that we have number portability. Yeah…but it will cost you $175 for an early termination fee.

Yesterday’s post ended with the optimistic observation that Google Health and Microsoft HealthVault have agreed in principle that the platforms will be open and interoperable. (Presumably) you’ll be able to either 1) move all your data from Google Health to HealthVault, or vice versa, and 2) be able to transfer data across networks, e.g., your doctor has signed up with HealthVault and the lab belongs to Google Health, but because the platforms are open and interoperable data will pass across the network and your doctor will get lab results seamlessly.

Again, the analogy here is the telephone network — where you know that you can pick up the phone and call anyone in the world, regardless of the technical networks required to pass your voice.

What are some of the yabuts to Google Health and Microsoft HealthVault exchanging data? In this case yabuts refers to customer lock-in tactics and switching costs that might be imposed.

The purpose of this post is to help a non-technical audience untangle some of the confusion regarding health data exchange standards, and particularly come to a better understanding of the similarities and differences between the Continuity of Care Record (CCR) standard and the CDA Continuity of Care Document (CCD). But what I’m most interested in is getting beyond the technical, political, or economic positions and interests of the proponents of any particular standard to arrive at some principles that demonstrate in plain language what we are trying to achieve by using such standards in the first place.

Frankly, I don’t give a hoot about what standardized XML format for capturing clinical data and information about a person becomes the norm in the health care industry over the next several years. I do care that the decision is made by the people, institutions, and companies who use the standards, and not made by a quasi-governmental panel or a group of “industry experts” whose economic or political interests are served by the outcome, and dominated by a particular standards development organization with whom they are very cozy.

In other words, I do want free and open market forces to be able to operate freely and openly as health information exchange evolves, in part because I believe market forces will work in the direction of continuously improving health IT, whereas in my experience top-down efforts are often protective of established interests and discouraging to innovation.

Google Inc. has approached Cerner Corp. about a partnership, but Cerner officials don’t sound eager to entangle themselves with the Web-search Goliath.

That’s because the proposed partnership relates to Google Health, the personal health record site launched earlier in May in beta form.

The overture hasn’t led to substantive talks, Cerner President Trace Devanny said, because Cerner doesn’t see much value in Google Health or HealthVault, a similar site that Microsoft Corp. launched in October.

Cerner CEO Neal Patterson referred to the sites during a May 23 shareholders meeting as "electronic shoeboxes," requiring consumers to do much of the data importing and updating.

Why is Cerner dissing Google? Let’s take a look at Cerner’s current business model:

The federal office in charge of creating a national network of electronic health records plans to integrate the system with the health care databases that Google and Microsoft launched last year, on which individuals can store their health records, a top official with the Health and Human Services Department said….

(The HHS official) provided few details on how the office would incorporate personal health records….

Federal interfaces to the health network will be through an entity called NHIN Connect.

Here’s a simplified diagram of our current understanding of how NHIN Connect will link to the Personal Health Information Network (click on the diagram for a larger version):

The Internet and digital technologies have transformed many aspects of our lives over the past twenty years. We can get cash at ATMs all over the world; we can book our own airline reservations; we can shop and get best prices over the Internet.

Why hasn’t this happened in health care? Something is missing.

Recently, major global information and communication companies have announced their intention to bring their technologies and business models to health care. While the creation of Google Health (GH), Microsoft HealthVault (HV), and Dossia (sponsors include Intel, Wal-Mart, AT&T) are important news items by themselves, what’s more important is what they represent collectively — a new Personal Health Information Network (PHIN). The PHIN and applications developed around the PHIN will fill in many missing pieces and bring health care into the Information Age.

For example, suppose you just found out you have high blood pressure – that’s not uncommon. Suppose you could easily submit information about your condition using the Google Health platform to receive a service that does the following:

informs you whether there are clues in your medical history that point to a cause for your high blood pressure

explains why being overweight can be a contributing factor

tells you in easy-to understand language what the top number and the bottom number mean (“140 over 90″)

explains which laboratory tests are necessary

alerts you to the possibility that one of your prescription or over the counter drugs could be making your high blood pressure worse

advises you about the usefulness of using non-drug approaches to treatment

tells you which treatment drugs have the greatest efficacy and safety for your specific circumstances

tells you if any of those generics high blood pressure drugs are available at Walgreens for $4 a month

offers to provide you a map with several Walgreens stores in your city that carry those $4 a month medications

…and many more possibilities we have not yet begun to imagine!

This essay:

Is the first in a series of articles we’ll be writing to describe the PHIN and why it’s important — expect about a dozen follow-up posts.

Is an overview of the basic idea — think executive summary or long abstract

Introduces some new concepts, which we’ll try to simplify and define. We understand that some of this is not easy reading. ….so we suggest you refill your cup of coffee and settle in.

While details are thin, here’s a first pass at comparing and contrasting Google Health (GH) and Microsoft HealthVault (HV). Overall, there are many common features, some differences, and many common challenges between these two platforms.

Would you like to have the experience of being parachuted into a deep forest with no map of where you are or clues about how to get out? If so, I suggest that you go directly to Microsoft’s new PHR at www.healthvault.com and just TRY to figure out where you are or where you’re headed.

Initial confusion put aside, I think HealthVault is strategically brilliant. While I’d give Microsoft a C- for explaining HealthVault (HV), I’ll give them an A for laying the strategy and foundation for what can become an extremely powerful platform for the appropriate, free flow of interoperable and transportable personal health information (I’ve chosen my words carefully here).

Here are four initial impressions about HealthVault — please comment as I’m still trying to figure out myself exactly what HV is and isn’t.